Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 6 Jun 2018 08:03:24 +0200
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: Brute force Easy-RSA CA key with JTR?

On 2018-06-05 23:46, Alexandre Badalo wrote:
> This does not seem that promissing :/
> 
> Out of the box i can't get the script to work, i also tried to change
> encrypted to RSA (to match the first "tag" case) and even removing the
> headers, none yelded a good result
> 
> The tag on my priv key is "-----BEGIN ENCRYPTED PRIVATE KEY-----"

We also have a PEM format, and pem2john.py, try them instead!

magnum

> On 05-06-2018 17:47, Solar Designer wrote:
>> On Tue, Jun 05, 2018 at 04:49:56PM +0100, Alexandre Badalo wrote:
>>> Can JTR brute force Easy-RSA generated CA private passphrase? I forgot
>>> the PassPhrase for my CA but i *think* i remember some pattern that
>>> might be on the passphrase, which should reduce a lot the brute force time
>> I don't have a reliable answer, but FWIW the support for cracking some
>> SSH key formats that we have in JtR -jumbo is known to also work for
>> OpenSSL private keys in general.  I suspect it might work for their CA
>> private keys as well.  I didn't know what Easy-RSA was, but upon a quick
>> look at https://github.com/OpenVPN/easy-rsa it appears to be a wrapper
>> around OpenSSL, so it is possible that our SSH key cracking support will
>> just work for you as well.
>>
>> So please try ssh2john.py in the run/ directory against your CA private
>> key.  If it produces reasonably looking output, then try running john
>> itself against that.  Do all of this using latest revisions of our code
>> from the bleeding-jumbo branch on GitHub.  Let us know of your results.
>>
>> Perhaps we need to improve the naming and/or documentation for
>> ssh2john.py and the corresponding JtR format to account for such uses.
>>
>>> This is my first mail to a mailing list, i hope that this is the way to
>>> use it, if not, sorry :D
>> Your use so far looks good to me.
>>
>> Thanks,
>>
>> Alexander
> 
> 


Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ